nilsteampassnet /
TeamPass
@@ -147,7 +147,7 @@ discard block |
||
| 147 | 147 | $sessionPwdAttempts = $session->get('pwd_attempts'); |
| 148 | 148 | $sessionUrl = $session->get('user-initial_url'); |
| 149 | 149 | $server = []; |
| 150 | - $server['PHP_AUTH_USER'] = $request->getUser(); |
|
| 150 | + $server['PHP_AUTH_USER'] = $request->getUser(); |
|
| 151 | 151 | $server['PHP_AUTH_PW'] = $request->getPassword(); |
| 152 | 152 | |
| 153 | 153 | // decrypt and retreive data in JSON format |
@@ -162,18 +162,18 @@ discard block |
||
| 162 | 162 | } |
| 163 | 163 | |
| 164 | 164 | // Check if Duo auth is in progress and pass the pw and login back to the standard login process |
| 165 | - if( |
|
| 165 | + if ( |
|
| 166 | 166 | isKeyExistingAndEqual('duo', 1, $SETTINGS) === true |
| 167 | 167 | && $dataReceived['user_2fa_selection'] === 'duo' |
| 168 | 168 | && $session->get('user-duo_status') === 'IN_PROGRESS' |
| 169 | 169 | && !empty($dataReceived['duo_state']) |
| 170 | - ){ |
|
| 170 | + ) { |
|
| 171 | 171 | $key = hash('sha256', $dataReceived['duo_state']); |
| 172 | 172 | $iv = substr(hash('sha256', $dataReceived['duo_state']), 0, 16); |
| 173 | 173 | $duo_data_dec = openssl_decrypt(base64_decode($session->get('user-duo_data')), 'AES-256-CBC', $key, 0, $iv); |
| 174 | 174 | // Clear the data from the Duo process to continue clean with the standard login process |
| 175 | - $session->set('user-duo_data',''); |
|
| 176 | - if($duo_data_dec === false) { |
|
| 175 | + $session->set('user-duo_data', ''); |
|
| 176 | + if ($duo_data_dec === false) { |
|
| 177 | 177 | // Add failed authentication log |
| 178 | 178 | addFailedAuthentication(filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS), getClientIpServer()); |
| 179 | 179 | |
@@ -191,7 +191,7 @@ discard block |
||
| 191 | 191 | $dataReceived['login'] = $duo_data['duo_login']; |
| 192 | 192 | } |
| 193 | 193 | |
| 194 | - if(isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) { |
|
| 194 | + if (isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) { |
|
| 195 | 195 | echo json_encode([ |
| 196 | 196 | 'data' => prepareExchangedData( |
| 197 | 197 | [ |
@@ -536,7 +536,7 @@ discard block |
||
| 536 | 536 | } |
| 537 | 537 | // Append with roles from AD groups |
| 538 | 538 | if (is_null($userInfo['roles_from_ad_groups']) === false) { |
| 539 | - $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true ? $userInfo['roles_from_ad_groups'] : $userInfo['fonction_id']. ';' . $userInfo['roles_from_ad_groups']; |
|
| 539 | + $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true ? $userInfo['roles_from_ad_groups'] : $userInfo['fonction_id'].';'.$userInfo['roles_from_ad_groups']; |
|
| 540 | 540 | } |
| 541 | 541 | // store |
| 542 | 542 | $session->set('user-roles', $userInfo['fonction_id']); |
@@ -548,7 +548,7 @@ discard block |
||
| 548 | 548 | if (count($session->get('user-roles_array')) > 0) { |
| 549 | 549 | $rolesList = DB::query( |
| 550 | 550 | 'SELECT id, title, complexity |
| 551 | - FROM ' . prefixTable('roles_title') . ' |
|
| 551 | + FROM ' . prefixTable('roles_title').' |
|
| 552 | 552 | WHERE id IN %li', |
| 553 | 553 | $session->get('user-roles_array') |
| 554 | 554 | ); |
@@ -594,7 +594,7 @@ discard block |
||
| 594 | 594 | if ($adjustPermissions) { |
| 595 | 595 | $session->set('user-admin', (int) $userInfo['admin']); |
| 596 | 596 | $session->set('user-manager', (int) $userInfo['gestionnaire']); |
| 597 | - $session->set('user-can_manage_all_users',(int) $userInfo['can_manage_all_users']); |
|
| 597 | + $session->set('user-can_manage_all_users', (int) $userInfo['can_manage_all_users']); |
|
| 598 | 598 | $session->set('user-read_only', (int) $userInfo['read_only']); |
| 599 | 599 | DB::update( |
| 600 | 600 | prefixTable('users'), |
@@ -665,10 +665,10 @@ discard block |
||
| 665 | 665 | $session->set('user-latest_items_tab', []); |
| 666 | 666 | $session->set('user-nb_roles', 0); |
| 667 | 667 | foreach ($session->get('user-latest_items') as $item) { |
| 668 | - if (! empty($item)) { |
|
| 668 | + if (!empty($item)) { |
|
| 669 | 669 | $dataLastItems = DB::queryFirstRow( |
| 670 | 670 | 'SELECT id,label,id_tree |
| 671 | - FROM ' . prefixTable('items') . ' |
|
| 671 | + FROM ' . prefixTable('items').' |
|
| 672 | 672 | WHERE id=%i', |
| 673 | 673 | $item |
| 674 | 674 | ); |
@@ -677,7 +677,7 @@ discard block |
||
| 677 | 677 | [ |
| 678 | 678 | 'id' => $item, |
| 679 | 679 | 'label' => $dataLastItems['label'], |
| 680 | - 'url' => 'index.php?page=items&group=' . $dataLastItems['id_tree'] . '&id=' . $item, |
|
| 680 | + 'url' => 'index.php?page=items&group='.$dataLastItems['id_tree'].'&id='.$item, |
|
| 681 | 681 | ], |
| 682 | 682 | 'add' |
| 683 | 683 | ); |
@@ -687,7 +687,7 @@ discard block |
||
| 687 | 687 | // Get cahce tree info |
| 688 | 688 | $cacheTreeData = DB::queryFirstRow( |
| 689 | 689 | 'SELECT visible_folders |
| 690 | - FROM ' . prefixTable('cache_tree') . ' |
|
| 690 | + FROM ' . prefixTable('cache_tree').' |
|
| 691 | 691 | WHERE user_id=%i', |
| 692 | 692 | (int) $session->get('user-id') |
| 693 | 693 | ); |
@@ -719,7 +719,7 @@ discard block |
||
| 719 | 719 | && (int) $sessionAdmin !== 1 |
| 720 | 720 | ) { |
| 721 | 721 | // get all Admin users |
| 722 | - $val = DB::queryFirstRow('SELECT email FROM ' . prefixTable('users') . " WHERE admin = %i and email != ''", 1); |
|
| 722 | + $val = DB::queryFirstRow('SELECT email FROM '.prefixTable('users')." WHERE admin = %i and email != ''", 1); |
|
| 723 | 723 | if (DB::count() > 0) { |
| 724 | 724 | // Add email to table |
| 725 | 725 | prepareSendingEmail( |
@@ -731,7 +731,7 @@ discard block |
||
| 731 | 731 | '#tp_time#', |
| 732 | 732 | ], |
| 733 | 733 | [ |
| 734 | - ' ' . $session->get('user-login') . ' (IP: ' . getClientIpServer() . ')', |
|
| 734 | + ' '.$session->get('user-login').' (IP: '.getClientIpServer().')', |
|
| 735 | 735 | date($SETTINGS['date_format'], (int) $session->get('user-last_connection')), |
| 736 | 736 | date($SETTINGS['time_format'], (int) $session->get('user-last_connection')), |
| 737 | 737 | ], |
@@ -842,7 +842,7 @@ discard block |
||
| 842 | 842 | { |
| 843 | 843 | $rows = DB::query( |
| 844 | 844 | 'SELECT date |
| 845 | - FROM ' . prefixTable('log_system') . " |
|
| 845 | + FROM ' . prefixTable('log_system')." |
|
| 846 | 846 | WHERE field_1 = %s |
| 847 | 847 | AND type = 'failed_auth' |
| 848 | 848 | AND label = 'password_is_not_correct' |
@@ -856,7 +856,7 @@ discard block |
||
| 856 | 856 | foreach ($rows as $record) { |
| 857 | 857 | array_push( |
| 858 | 858 | $arrAttempts, |
| 859 | - date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], (int) $record['date']) |
|
| 859 | + date($SETTINGS['date_format'].' '.$SETTINGS['time_format'], (int) $record['date']) |
|
| 860 | 860 | ); |
| 861 | 861 | } |
| 862 | 862 | } |
@@ -891,7 +891,7 @@ discard block |
||
| 891 | 891 | $ldapConnection |
| 892 | 892 | ) : bool |
| 893 | 893 | { |
| 894 | - include_once $SETTINGS['cpassman_dir'] . '/sources/main.functions.php'; |
|
| 894 | + include_once $SETTINGS['cpassman_dir'].'/sources/main.functions.php'; |
|
| 895 | 895 | |
| 896 | 896 | if ((int) $userInfoDisabled === 1) { |
| 897 | 897 | return false; |
@@ -1086,7 +1086,7 @@ discard block |
||
| 1086 | 1086 | } catch (Exception $e) { |
| 1087 | 1087 | return [ |
| 1088 | 1088 | 'error' => true, |
| 1089 | - 'message' => "Error: " . $e->getMessage(), |
|
| 1089 | + 'message' => "Error: ".$e->getMessage(), |
|
| 1090 | 1090 | ]; |
| 1091 | 1091 | } |
| 1092 | 1092 | } |
@@ -1117,7 +1117,7 @@ discard block |
||
| 1117 | 1117 | 'type' => 'OpenLDAP' |
| 1118 | 1118 | ]; |
| 1119 | 1119 | default: |
| 1120 | - throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']); |
|
| 1120 | + throw new Exception("Unsupported LDAP type: ".$SETTINGS['ldap_type']); |
|
| 1121 | 1121 | } |
| 1122 | 1122 | } |
| 1123 | 1123 | |
@@ -1254,7 +1254,7 @@ discard block |
||
| 1254 | 1254 | ); |
| 1255 | 1255 | } |
| 1256 | 1256 | |
| 1257 | - throw new Exception("Unsupported LDAP type: " . $ldapHandler['type']); |
|
| 1257 | + throw new Exception("Unsupported LDAP type: ".$ldapHandler['type']); |
|
| 1258 | 1258 | } |
| 1259 | 1259 | |
| 1260 | 1260 | /** |
@@ -1271,12 +1271,12 @@ discard block |
||
| 1271 | 1271 | if (isset($SETTINGS['enable_ad_users_with_ad_groups']) === true && (int) $SETTINGS['enable_ad_users_with_ad_groups'] === 1) { |
| 1272 | 1272 | // Get user groups from AD |
| 1273 | 1273 | $user_ad_groups = []; |
| 1274 | - foreach($groups as $group) { |
|
| 1274 | + foreach ($groups as $group) { |
|
| 1275 | 1275 | //print_r($group); |
| 1276 | 1276 | // get relation role id for AD group |
| 1277 | 1277 | $role = DB::queryFirstRow( |
| 1278 | 1278 | 'SELECT lgr.role_id |
| 1279 | - FROM ' . prefixTable('ldap_groups_roles') . ' AS lgr |
|
| 1279 | + FROM ' . prefixTable('ldap_groups_roles').' AS lgr |
|
| 1280 | 1280 | WHERE lgr.ldap_group_id = %s', |
| 1281 | 1281 | $group |
| 1282 | 1282 | ); |
@@ -1407,7 +1407,7 @@ discard block |
||
| 1407 | 1407 | // Check if exists in DB |
| 1408 | 1408 | $groupData = DB::queryFirstRow( |
| 1409 | 1409 | 'SELECT id |
| 1410 | - FROM ' . prefixTable('roles_title') . ' |
|
| 1410 | + FROM ' . prefixTable('roles_title').' |
|
| 1411 | 1411 | WHERE title = %s', |
| 1412 | 1412 | $group["displayName"] |
| 1413 | 1413 | ); |
@@ -1537,7 +1537,7 @@ discard block |
||
| 1537 | 1537 | |
| 1538 | 1538 | // generate new QR |
| 1539 | 1539 | $new_2fa_qr = $tfa->getQRCodeImageAsDataUri( |
| 1540 | - 'Teampass - ' . $username, |
|
| 1540 | + 'Teampass - '.$username, |
|
| 1541 | 1541 | $userInfo['ga'] |
| 1542 | 1542 | ); |
| 1543 | 1543 | // clear temporary code from DB |
@@ -1550,7 +1550,7 @@ discard block |
||
| 1550 | 1550 | $userInfo['id'] |
| 1551 | 1551 | ); |
| 1552 | 1552 | $firstTime = [ |
| 1553 | - 'value' => '<img src="' . $new_2fa_qr . '">', |
|
| 1553 | + 'value' => '<img src="'.$new_2fa_qr.'">', |
|
| 1554 | 1554 | 'user_admin' => isset($sessionAdmin) ? (int) $sessionAdmin : '', |
| 1555 | 1555 | 'initial_url' => isset($sessionUrl) === true ? $sessionUrl : '', |
| 1556 | 1556 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
@@ -1706,7 +1706,7 @@ discard block |
||
| 1706 | 1706 | }*/ |
| 1707 | 1707 | return [ |
| 1708 | 1708 | 'error' => true, |
| 1709 | - 'message' => $duo_error . $lang->get('duo_error_check_config'), |
|
| 1709 | + 'message' => $duo_error.$lang->get('duo_error_check_config'), |
|
| 1710 | 1710 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1711 | 1711 | 'debug_message' => $e->getMessage(), |
| 1712 | 1712 | 'proceedIdentification' => false, |
@@ -1722,7 +1722,7 @@ discard block |
||
| 1722 | 1722 | } catch (DuoException $e) { |
| 1723 | 1723 | return [ |
| 1724 | 1724 | 'error' => true, |
| 1725 | - 'message' => $duo_error . $lang->get('duo_error_url'), |
|
| 1725 | + 'message' => $duo_error.$lang->get('duo_error_url'), |
|
| 1726 | 1726 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1727 | 1727 | 'debug_message' => $e->getMessage(), |
| 1728 | 1728 | 'proceedIdentification' => false, |
@@ -1730,7 +1730,7 @@ discard block |
||
| 1730 | 1730 | } |
| 1731 | 1731 | |
| 1732 | 1732 | // Somethimes Duo return success but fail to return a URL, double check if the URL has been created |
| 1733 | - if (!empty($duo_redirect_url) && filter_var($duo_redirect_url,FILTER_SANITIZE_URL)) { |
|
| 1733 | + if (!empty($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_SANITIZE_URL)) { |
|
| 1734 | 1734 | // Since Duo Universal requires a redirect, let's store some info when the user get's back after completing the Duo prompt |
| 1735 | 1735 | $key = hash('sha256', $duo_state); |
| 1736 | 1736 | $iv = substr(hash('sha256', $duo_state), 0, 16); |
@@ -1758,7 +1758,7 @@ discard block |
||
| 1758 | 1758 | } else { |
| 1759 | 1759 | return [ |
| 1760 | 1760 | 'error' => true, |
| 1761 | - 'message' => $duo_error . $lang->get('duo_error_url'), |
|
| 1761 | + 'message' => $duo_error.$lang->get('duo_error_url'), |
|
| 1762 | 1762 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1763 | 1763 | 'proceedIdentification' => false, |
| 1764 | 1764 | ]; |
@@ -1779,8 +1779,8 @@ discard block |
||
| 1779 | 1779 | // return the response (which should be the user name) |
| 1780 | 1780 | if ($decoded_token['preferred_username'] === $username) { |
| 1781 | 1781 | $session->set('user-duo_status', 'COMPLET'); |
| 1782 | - $session->set('user-duo_state',''); |
|
| 1783 | - $session->set('user-duo_data',''); |
|
| 1782 | + $session->set('user-duo_state', ''); |
|
| 1783 | + $session->set('user-duo_data', ''); |
|
| 1784 | 1784 | $session->set('user-login', $username); |
| 1785 | 1785 | |
| 1786 | 1786 | return [ |
@@ -1791,9 +1791,9 @@ discard block |
||
| 1791 | 1791 | ]; |
| 1792 | 1792 | } else { |
| 1793 | 1793 | // Something wrong, username from the original Duo request is different than the one received now |
| 1794 | - $session->set('user-duo_status',''); |
|
| 1795 | - $session->set('user-duo_state',''); |
|
| 1796 | - $session->set('user-duo_data',''); |
|
| 1794 | + $session->set('user-duo_status', ''); |
|
| 1795 | + $session->set('user-duo_state', ''); |
|
| 1796 | + $session->set('user-duo_data', ''); |
|
| 1797 | 1797 | |
| 1798 | 1798 | return [ |
| 1799 | 1799 | 'error' => true, |
@@ -1804,9 +1804,9 @@ discard block |
||
| 1804 | 1804 | } |
| 1805 | 1805 | } |
| 1806 | 1806 | // If we are here something wrong |
| 1807 | - $session->set('user-duo_status',''); |
|
| 1808 | - $session->set('user-duo_state',''); |
|
| 1809 | - $session->set('user-duo_data',''); |
|
| 1807 | + $session->set('user-duo_status', ''); |
|
| 1808 | + $session->set('user-duo_state', ''); |
|
| 1809 | + $session->set('user-duo_data', ''); |
|
| 1810 | 1810 | return [ |
| 1811 | 1811 | 'error' => true, |
| 1812 | 1812 | 'message' => $lang->get('duo_login_mismatch'), |
@@ -1918,7 +1918,7 @@ discard block |
||
| 1918 | 1918 | // Check for existing lock |
| 1919 | 1919 | $unlock_at = DB::queryFirstField( |
| 1920 | 1920 | 'SELECT MAX(unlock_at) |
| 1921 | - FROM ' . prefixTable('auth_failures') . ' |
|
| 1921 | + FROM ' . prefixTable('auth_failures').' |
|
| 1922 | 1922 | WHERE unlock_at > %s |
| 1923 | 1923 | AND ((source = %s AND value = %s) OR (source = %s AND value = %s))', |
| 1924 | 1924 | date('Y-m-d H:i:s', time()), |
@@ -1940,8 +1940,8 @@ discard block |
||
| 1940 | 1940 | // Get user info from DB |
| 1941 | 1941 | $data = DB::queryFirstRow( |
| 1942 | 1942 | 'SELECT u.*, a.value AS api_key |
| 1943 | - FROM ' . prefixTable('users') . ' AS u |
|
| 1944 | - LEFT JOIN ' . prefixTable('api') . ' AS a ON (u.id = a.user_id) |
|
| 1943 | + FROM ' . prefixTable('users').' AS u |
|
| 1944 | + LEFT JOIN ' . prefixTable('api').' AS a ON (u.id = a.user_id) |
|
| 1945 | 1945 | WHERE login = %s AND deleted_at IS NULL', |
| 1946 | 1946 | $login |
| 1947 | 1947 | ); |
@@ -2061,7 +2061,7 @@ discard block |
||
| 2061 | 2061 | 'array' => [ |
| 2062 | 2062 | 'value' => 'bruteforce_wait', |
| 2063 | 2063 | 'error' => true, |
| 2064 | - 'message' => $lang->get('bruteforce_wait') . (string) $e->getMessage(), |
|
| 2064 | + 'message' => $lang->get('bruteforce_wait').(string) $e->getMessage(), |
|
| 2065 | 2065 | ] |
| 2066 | 2066 | ]; |
| 2067 | 2067 | } |
@@ -2478,15 +2478,15 @@ discard block |
||
| 2478 | 2478 | |
| 2479 | 2479 | if ($ret['error'] !== false) { |
| 2480 | 2480 | logEvents($SETTINGS, 'failed_auth', 'bad_duo_mfa', '', stripslashes($username), stripslashes($username)); |
| 2481 | - $session->set('user-duo_status',''); |
|
| 2482 | - $session->set('user-duo_state',''); |
|
| 2483 | - $session->set('user-duo_data',''); |
|
| 2481 | + $session->set('user-duo_status', ''); |
|
| 2482 | + $session->set('user-duo_state', ''); |
|
| 2483 | + $session->set('user-duo_data', ''); |
|
| 2484 | 2484 | return [ |
| 2485 | 2485 | 'error' => true, |
| 2486 | 2486 | 'mfaData' => $ret, |
| 2487 | 2487 | 'mfaQRCodeInfos' => false, |
| 2488 | 2488 | ]; |
| 2489 | - } else if ($ret['duo_url_ready'] === true){ |
|
| 2489 | + } else if ($ret['duo_url_ready'] === true) { |
|
| 2490 | 2490 | return [ |
| 2491 | 2491 | 'error' => false, |
| 2492 | 2492 | 'mfaData' => $ret, |
@@ -2550,7 +2550,7 @@ discard block |
||
| 2550 | 2550 | // Count failed attempts from this source |
| 2551 | 2551 | $count = DB::queryFirstField( |
| 2552 | 2552 | 'SELECT COUNT(*) |
| 2553 | - FROM ' . prefixTable('auth_failures') . ' |
|
| 2553 | + FROM ' . prefixTable('auth_failures').' |
|
| 2554 | 2554 | WHERE source = %s AND value = %s', |
| 2555 | 2555 | $source, |
| 2556 | 2556 | $value |
